/**
 * Log a user in by username and open a new session for them.
 *
 * The username is passed through vB_String::htmlSpecialCharsUni() first, and
 * that escaped value is what every later call receives (strike tracking,
 * authentication, error logging).
 *
 * @param string $username       Login name; rejected with 'badlogin' when empty.
 * @param string $password       Forwarded unchanged to vB_User::verifyAuthentication().
 * @param string $md5password    Forwarded unchanged to vB_User::verifyAuthentication();
 *                               presumably an MD5 digest computed by the caller (confirm there).
 * @param string $md5passwordutf Forwarded unchanged to vB_User::verifyAuthentication();
 *                               presumably the UTF-8 variant of that digest (confirm there).
 * @param string $logintype      Forwarded to vB_User::processNewLogin(). The value 'cplogin'
 *                               additionally makes a failed attempt get written to the
 *                               'security' error log.
 *
 * @return array
 *  'userid' => int the id of the vbulletin user logged in
 *  'password' => string "remember me token". A value that can be used to create a new
 *      session without the user explicitly logging in
 *  'lastvisit'
 *  'lastactivity'
 *  'sessionhash' => the session value used to authenticate the user on subsequent page loads
 *  'cpsessionhash' => value needed to access the admincp. Defines being logged in "as an admin"
 *
 * @throws vB_Exception_Api 'badlogin' when the username is empty, 'strikes' when
 *      vB_User::verifyStrikeStatus() returns false, and 'badlogin_strikes_passthru' or
 *      'badlogin_passthru' when authentication fails.
 */
public function login($username, $password = null, $md5password = null, $md5passwordutf = null, $logintype = null)
{
    $username = vB_String::htmlSpecialCharsUni($username);
    $options = vB::getDatastore()->getValue('options');

    // NOTE(review): a loose truthiness test also rejects the literal username "0"
    // (assuming the escaping helper returns it unchanged); confirm that is intended.
    if (!$username) {
        throw new vB_Exception_Api('badlogin', vB5_Route::buildUrl('lostpw'));
    }

    // The strike check runs before any credential is examined.
    $priorStrikes = vB_User::verifyStrikeStatus($username);
    if ($priorStrikes === false) {
        // todo: check for missing args
        throw new vB_Exception_Api('strikes', vB5_Route::buildUrl('lostpw'));
    }

    $authResult = vB_User::verifyAuthentication($username, $password, $md5password, $md5passwordutf);

    if ($authResult) {
        // Success: clear the strikes for this username, then create the new session.
        vB_User::execUnstrikeUser($username);

        return vB_User::processNewLogin($authResult, $logintype);
    }

    // Failure: record the strike before anything else is reported to the caller.
    vB_User::execStrikeUser($username);

    // Failed control-panel logins are written to the 'security' error log.
    // NOTE(review): only 'cplogin' is logged here; confirm whether 'modcplogin'
    // attempts reaching this method should be logged as well.
    if ($logintype === 'cplogin') {
        require_once DIR . '/includes/functions_log_error.php';
        log_vbulletin_error($username, 'security');
    }

    // TODO: we need to add missing parameters for 'forgot password'
    // Both phrases receive the lost-password URL and the strike count including this attempt.
    $phraseId = $options['usestrikesystem'] ? 'badlogin_strikes_passthru' : 'badlogin_passthru';

    throw new vB_Exception_Api($phraseId, array(vB5_Route::buildUrl('lostpw'), $priorStrikes + 1));
}
if ($strikes === false) { admin_login_error('strikes'); eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], vB::getCurrentSession()->get('sessionurl')))); } if ($vbulletin->GPC['vb_login_username'] == '') { admin_login_error('badlogin', array('strikes' => $strikes)); eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], vB::getCurrentSession()->get('sessionurl'), $strikes))); } // WE DON'T NEED THIS ANYMORE, AS verify_authentication WILL MODIFY vbulletin->userinfo ONLY IF IT PASSES THE CHECK // // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already) // $original_userinfo = $vbulletin->userinfo; $auth = vB_User::verifyAuthentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf']); if (!$auth) { // Legacy Hook 'login_failure' Removed // // check password vB_User::execStrikeUser($vbulletin->userinfo['username']); if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') { // log this error if attempting to access the control panel require_once DIR . '/includes/functions_log_error.php'; log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security'); } // $vbulletin->userinfo = $original_userinfo; // For vB_API we need to unlogin the users we logged in before if (defined('VB_API') and VB_API === true) { $vbulletin->session->set('userid', 0); $vbulletin->session->set('loggedin', 0); } if ($vbulletin->GPC['inlineverify'] and $vbulletin->userinfo) { require_once DIR . '/includes/modfunctions.php'; show_inline_mod_login(true); } else {